News and general opinion, often privacy, security or computer related, but could be about anything really, including religion, politics, the environment, business or audio books. "Never ascribe to malice, that which can be explained by incompetence." -- Napoleon Bonaparte

Saturday, February 25, 2006

There is a proverb that says that the best way to judge a man is not by the way he treats his equals, but by the way he treats his inferiors. If you treat your servants or employees badly, it is a poor reflection on you.

The true measure of a man is how he treats someone who can do him absolutely no good.

In most companies there is a Human Resources department, and in a few companies people are treated as the company's most valuable asset. Sadly, many companies treat their employees as Human Commodities rather than Human Resources or assets. They behave like their employees are disposable, and can be treated accordingly.

Tuesday, February 21, 2006

I recently listened to the audio book of "The Google Story" which can be purchased from www.audible.com. These photos confirm what the book says. I guess some companies realise that their employees are their most valuable (and creative) asset.

I guess this kind of visionary approach is just totally beyond crappy organisations like the --Name Deleted --. I used to work for them until they canned my contract and tried to say that I never had a contract. So much for integrity, even though their slogan is "maintaining the integrity of the sport of horseracing" [sic].

Sunday, February 19, 2006

Skype has come under scrutiny from the NSA and FBI since its PC-to-PC calls are encrypted using AES encryption. This is the same encryption used by the US Government for many things. So, why is it "national security" when the Government encrypts its communications and assumed "criminal activity" when private citizens follow suit? I use AES encryption to store credit card numbers in databases. PGP's author was persecuted by the US government, and WinZip has optional AES encryption. So what's different with communications? Nate Anderson writes in Ars Technica:

"From a law enforcement point of view, digital communication is a two-edged sword. On the one hand, it allows for the simple collection, sorting, and processing of massive amounts of information (such as in the FBI's Carnivore system), but on the other hand, it is much easier for users to encrypt their communications with almost unbreakable codes. Now that VoIP calls are becoming commonplace, governments around the world are struggling to adapt to the new technology, and Skype has found itself under extra scrutiny.

"The reason is that Skype uses 256-bit, industry-standard AES encryption that is nearly impossible to break without the key. The Skype privacy FAQ explains the system this way:

"Skype uses AES (Advanced Encryption Standard) - also known as Rijndael - which is also used by U.S. Government organizations to protect sensitive information. Skype uses 256-bit encryption, which has a total of 1.1 x 10^77 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates."

"All Skype traffic is automatically encrypted end-to-end without requiring any user intervention, and this encryption is posing a problem to authorities who need (or want) to listen in on conversations. Skype executives state that their software is free of all backdoors, and a security researcher who saw some (but not all) of the code agrees. Still, the company claims that it "cooperates fully with all lawful requests from relevant authorities," which may mean that they turn over keys to governments upon request.

"The call can also be tapped once it leaves the Skype system and enters the normal telephone network, so calls to a landline are inherently insecure. Still, strong AES encryption is enough to defeat real-time surveillance of telephone calls of the kind possibly used by the NSA. That doesn't mean that nothing can be gleaned from watching the traffic, which can be used to identify who the call is routed to and how long it lasts, but it does mean the contents of the call remain secure.

"Rather than being a new issue for law enforcement, though, this is actually just a new version of an old problem: how to access encrypted data on a suspect's computer? Encryption algorithms have been good enough for some time to prevent all but the most determined brute force attacks, but there are obviously other ways of solving the problem. For the FBI, keyloggers are a popular choice; they obviate the need for backdoors or for sophisticated computer solutions. They simply steal the password. The same (metaphorical) approach may give them access to Skype calls; rather than breaking the encryption, they simply grab the key and decrypt the data.

"The FCC ruled last year that VoIP providers need to offer backdoors into their systems for wiretapping reasons, but Skype isn't based in the US and so is not subject to the rule. It is subject to the EU's new Data Retention Directive, though, which may require them to retain call logs and decryption keys for a period of time. If so, real-time monitoring of Skype calls would still be out, but after-the-fact review of recorded calls from people of interest might well be possible for the government."

Saturday, February 18, 2006

FRANKFURT, Germany (AP) -- The chief executive and chairman of the board are trading hats in a shake-up at Sony BMG Music Entertainment, the powerhouse record company behind such pop stars as Britney Spears, OutKast and Travis Tritt.

Saturday, February 11, 2006

This week I discovered two new things about my medical "aid", Discovery Health. The first relates to my doctor friend who wrote to them complaining about their bullying tactics and doctors' fees.

Of course the original complaint was lost in the red tape of their call centre. That's what call centres are supposed to do: pretend to listen to the customer but actually shield the ivory tower management from the actual concerns of paying customers.

Nevertheless, they were sufficiently challenged by the letter after it started circulating among their clients. Since they had no idea who wrote it (see above) they asked their propaganda/marketing department to prepare a response. Here it is. And once more it proves that they don't care about either their patients or the doctors who provide it.

They followed the classic tactic that is the proven response of arrogant companies who are just trying to cover their backsides and appear to be responding to issues: admit no wrong. Of course they didn't do anything wrong; the critic was wrong. Is he a doctor? Does he know what is going on? Why is he anonymous? And so on.

Of course what these weasels fail to realize is their customers don't buy these excuses any more. They forget that their customers also work for large arrogant corporations who are completely out of touch, and they recognize these tactics for what they are.

Now for the bitter irony: the same KeyCare Plans that they are so keen to defend are the ones that are now in trouble. The KeyCare plans favour certain hospitals, particularly the Mediclinic hospitals.

Recently the Medi-Clinic Group of hospitals put their rates up, beyond what Discovery thought was reasonable (2%). Medi-Clinic has stuck to their guns. Discovery has in return promised to make the preauthorizations for hospital admissions much harder, longer, and has indicated they will try to push their members away from Medi-Clinic hospitals.

So here you have a KeyCare plan, especially linked to Medi-Clinic, with 100 000 members, who will face major delays and obstacles in hospital authorizations, and told not to go to Medi-Clinic, the only hospital group they can go to!?

They had no problem in raising my premiums by 7.5%, but expect the hospital group to stick to 2%. Have all their accountants gone mad? The mind boggles. And we thought the Minister of Health had lost the plot.

Friday, February 10, 2006

If You Bought, Received or Used a SONY BMG Music Entertainment CD Containing Either XCP or Media Max Content Protection Software, Your Rights May Be Affected By a Class Action Settlement, And You Should Download Updates For That Software.

What is this about?

A settlement has been proposed in a lawsuit brought against SONY BMG Music Entertainment, Inc., SunnComm International Inc., and First 4 Internet, Ltd. ("Defendants"). The lawsuit, In re SONY BMG CD Technologies Litigation, Case No. 1:05-cv-09575-NRB, is pending in the United States District Court for the Southern District of New York and relates to XCP and MediaMax content protection software installed on certain SONY BMG music CDs.

The Settlement resolves claims that the Defendants manufactured and sold CDs containing XCP and MediaMax software without adequately disclosing the limitations the software imposes on the use of the CDs and the security vulnerabilities it creates. The Defendants have denied that they did anything wrong.

Who Is Included, And What Does The Settlement Provide?

The settlement provides relief for persons who bought, received or used SONY BMG CDs with either XCP or MediaMax software. Under the settlement, any person in possession of an XCP CD can exchange it for a replacement CD, an MP3 download of the same album, and either

(a) cash payment of $7.50 and one (1) free album download from a list of 200 albums, or
(b) three (3) free album downloads from that list.

Purchasers of CDs containing MediaMax 5.0 software will receive a free MP3 download of the same album and one (1) additional free album download. Purchasers of CDs containing MediaMax 3.0 software will receive a free MP3 download of the same album.

The settlement also requires the Defendants to stop manufacturing SONY BMG CDs with XCP or MediaMax 3.0 and 5.0 software and, until 2008:

(1) make available updates to fix all known security vulnerabilities caused by XCP and MediaMax software;
(2) provide software programs to uninstall XCP and MediaMax software safely;
(3) fix any future security vulnerabilities discovered in MediaMax and any other content protection software placed on SONY BMG CDs;
(4) provide independent verification that personal information about users of SONY BMG CDs has not and will not be collected through XCP or MediaMax;
(5) waive certain provisions of the end user license agreements for XCP and MediaMax software; and
(6) ensure that any other content protection software will be clearly disclosed, independently tested and readily uninstalled.

At 9:15 a.m. on May 22, 2006, the Court will hold a hearing at the United States District Court, Daniel Patrick Moynihan United States Courthouse, 500 Pearl Street, Courtroom 21A, New York, New York 10007-1312, to decide whether to approve the settlement and the class attorneys' fees and costs.

How Do I Participate In The Settlement?

If you bought or received a SONY BMG Music CD containing XCP or MediaMax software and want to receive the relief you may be eligible for under the settlement, you must submit an online claim form at www.sonybmgcdtechsettlement.com, or mail a claim form to:

If you bought, received or used a SONY BMG Music CD containing XCP or MediaMax software, and you do not want to be legally bound by the settlement or receive a replacement CD, cash, free downloads or other relief, you must exclude yourself by May 1, 2006. If you do not exclude yourself, certain of your claims against the Defendants that were or could have been asserted in the lawsuit will be released, meaning you may not be able to sue the Defendants for those claims. To view the detailed legal Notice of Proposed Class Action Settlement, Motion for Attorneys' Fees and Settlement Fairness Hearing and to download the software updates, visit www.sonybmgcdtechsettlement.com. You may obtain further information by contacting the claims administrator at the address above or by calling toll free 1-800-242-7610.

It seems that Sony is getting it, in spite of their claim that they didn't do anything wrong. May this be a lesson to the music/software industry in general: don't mess with my PC.